This paper introduces the first study of adversarial attacks on attributed graphs, focusing on deep learning models for node classification. The authors propose NETTACK, an efficient algorithm for generating adversarial perturbations that manipulate both node features and graph structure while ensuring the changes remain unnoticeable. The attacks target the training phase of the model (poisoning/causative attacks) and aim to reduce the accuracy of node classification. The perturbations are designed to preserve important data characteristics such as degree distribution and feature co-occurrence, making the changes less detectable. The experiments show that even a small number of perturbations can significantly reduce classification accuracy, and the attacks are transferable across different models and datasets. The study highlights the vulnerability of graph-based learning models to adversarial attacks and the need for robustness in such systems.This paper introduces the first study of adversarial attacks on attributed graphs, focusing on deep learning models for node classification. The authors propose NETTACK, an efficient algorithm for generating adversarial perturbations that manipulate both node features and graph structure while ensuring the changes remain unnoticeable. The attacks target the training phase of the model (poisoning/causative attacks) and aim to reduce the accuracy of node classification. The perturbations are designed to preserve important data characteristics such as degree distribution and feature co-occurrence, making the changes less detectable. The experiments show that even a small number of perturbations can significantly reduce classification accuracy, and the attacks are transferable across different models and datasets. The study highlights the vulnerability of graph-based learning models to adversarial attacks and the need for robustness in such systems.